ASP.NET Core and MVC is a mature and modern platform to build secure web applications and APIs for a while now. Starting with version 2.2, Microsoft makes big investments in the areas of standards-based authentication, single sign-on and API security by including the popular open source project IdentityServer4 in the project templates.

This talk gives an overview over the various security features in ASP.NET Core but focuses in particular on the API security scenarios enabled by IdentityServer.